Packet Sniffer

Overview

Packet sniffers, also known as network monitors or network analyzers, can be used by a network administrator to monitor traffic and troubleshoot problems. Using the information that is captured by the packet sniffer, an administrator can identify data packets. The administrator can use the data to uncover points of trouble in a network and help maintain network data transmission. A packet sniffer captures all the packets of data that pass through a network interface, regardless of the destination.

Whenever you send a large file, it is broken down into packets. A packet sniffer will analyze these packets and create a log. By looking at the log file, you can identify the contents of each packet.

A packet has a header with information that pertains to the source and destination. A packet also contains the body, which is the actual sent and received data. The following are examples of packet sniffing tools:

  • Kismet - a powerful wireless network sniffer
  • Tcpdump - a classic sniffer for network monitoring and data acquisition
  • Cain and Abel - a password recovery tool for Windows
  • Netstumbler - a tool used to find open wireless access points
  • Ntop - a network traffic usage monitor
  • Ngrep - a tool used for packet matching and display
  • EtherApe - a graphical network monitor

Most packet sniffers are open source, so they are available free of cost. You can download and install packet sniffers from a reputable website.

Benefits

A packet sniffer is used to debug communication between a client and a server. For traffic to come through to your network, it must pass through the packet sniffer. As a result, your network is more secure. You can identify network problems before they become serious, and you can monitor how a network is used. You can also use packet sniffers to monitor network users. Just make sure that you do not spy on your network users, since packet sniffers can also be used to collect sensitive information and passwords.

How It Works

Network data transfer occurs over a variety of protocols: Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). When a URL is typed into a browser, the request passes through the software- or hardware-based packet sniffer. The sniffer collects the attributes of the data packet and then routes the details to the web server and network administrator.

Packet sniffers help you identify who is communicating with whom and what data is sent and received over the network. By capturing these packets, you can collect statistics on the number of messages that are passing through the network. With these statistics, you can analyze network traffic.
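The following added example (not part of the original article) shows the analysis step described above: it splits already-captured IPv4 packets into header and body and counts who is talking to whom per protocol. The function names are hypothetical, the sample packets are constructed with documentation addresses, and only IPv4 is handled.

```python
import socket
import struct
from collections import Counter

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IPv4 protocol numbers
IP_FMT = "!BBHHHBBH4s4s"                        # fixed 20-byte IPv4 header

def build_ipv4(src, dst, proto, body):
    """Build a minimal IPv4 packet as constructed sample input (checksum left 0)."""
    header = struct.pack(IP_FMT, 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + body

def parse_ipv4(packet):
    """Split one IPv4 packet into its header fields and its body."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack(IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (ver_ihl & 0x0F) * 4            # IHL counts 32-bit words
    if header_len < 20 or total_len < header_len or total_len > len(packet):
        raise ValueError("inconsistent length fields")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "body": packet[header_len:total_len]}

def summarize(packets):
    """Count packets per (source, destination, protocol); tally malformed ones."""
    flows, malformed = Counter(), 0
    for raw in packets:
        try:
            p = parse_ipv4(raw)
        except ValueError:
            malformed += 1
            continue
        flows[(p["src"], p["dst"], p["protocol"])] += 1
    return flows, malformed

# Constructed sample capture; bodies are placeholder bytes, not real segments.
SAMPLE = [
    build_ipv4("192.0.2.10", "198.51.100.5", 6, b"segment-1"),
    build_ipv4("192.0.2.10", "198.51.100.5", 6, b"segment-2"),
    build_ipv4("192.0.2.20", "203.0.113.53", 17, b"datagram"),
    build_ipv4("198.51.100.5", "192.0.2.10", 1, b"echo"),
    b"\x45\x00",                                 # truncated packet
]

if __name__ == "__main__":
    for flow, count in summarize(SAMPLE)[0].items():
        print(flow, count)
```

Malformed packets are counted rather than dropped silently, because a rising count of truncated or inconsistent packets is itself a sign of trouble on the network.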

Be careful when you use a packet sniffer. Although you will have enhanced tools to monitor your network, you might also open doors to allow intruders access to your confidential data and network files. Make sure that you do not configure your network device to read all network packets that arrive.

Companies/Brands

Wireshark, Kismet, and Colasoft offer resources for packet sniffing.
